CVE-2022-0766

9.8 CRITICAL

📋 TL;DR

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in Calibre-Web, an open-source web application for managing eBook collections. Attackers can exploit this to make the server send unauthorized requests to internal or external systems, potentially accessing sensitive data or services. All users running Calibre-Web versions prior to 0.6.17 are affected.

💻 Affected Systems

Products:
  • Calibre-Web
Versions: All versions prior to 0.6.17
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in the application's request handling logic and affects all deployments regardless of configuration.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of the server, data exfiltration, or lateral movement to internal systems through SSRF chaining with other vulnerabilities.

🟠 Likely Case

Unauthorized access to internal services, metadata leakage, or denial of service through resource exhaustion.

🟢 If Mitigated

Limited impact with proper network segmentation and input validation, potentially only affecting the Calibre-Web instance itself.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access to the Calibre-Web application. The fix commit shows specific vulnerable endpoints.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 0.6.17

Vendor Advisory: https://github.com/janeczku/calibre-web/commit/965352c8d96c9eae7a6867ff76b0db137d04b0b8

Restart Required: Yes

Instructions:

1. Back up your Calibre-Web data and configuration.
2. Update to version 0.6.17 or later using your package manager or by downloading from GitHub.
3. Restart the Calibre-Web service.
4. Verify the update was successful.

🔧 Temporary Workarounds

Network Segmentation (all platforms)

Restrict outbound network access from the Calibre-Web server to only necessary services.

Input Validation (all platforms)

Implement additional input validation for URL parameters in the application configuration.
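As an added example of the kind of URL validation meant here (this is illustrative code, not Calibre-Web's own fix), the function below rejects user-supplied fetch URLs whose scheme is not HTTP(S), that embed credentials, or whose host resolves to any loopback, private, link-local or multicast address. The `resolver` parameter and the `FAKE_DNS` table are constructed for offline demonstration.

```python
import ipaddress
import socket
from urllib.parse import urlparse

# Destinations a server-side fetcher should never be allowed to reach.
# Covers the RFC 1918 ranges from the SIEM query above plus loopback,
# link-local (cloud metadata lives in 169.254.0.0/16), CGNAT, multicast
# and their IPv6 equivalents.
BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4",
    "::1/128", "fc00::/7", "fe80::/10", "ff00::/8",
)]

def is_blocked_address(addr: str) -> bool:
    ip = ipaddress.ip_address(addr)
    # Unwrap IPv4-mapped IPv6 (::ffff:10.0.0.1) so it cannot bypass the list.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return any(ip in net for net in BLOCKED_NETWORKS)

def resolve_all(host: str) -> list:
    """Return every A/AAAA answer for host; the check must cover all of them."""
    try:
        return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})
    except socket.gaierror:
        return []

def check_outbound_url(url: str, resolver=resolve_all):
    """Return (allowed, reason). Connect only to an address this check
    resolved, otherwise a DNS rebind between check and fetch defeats it."""
    parsed = urlparse(url)
    if parsed.scheme not in ("http", "https"):
        return False, f"scheme not allowed: {parsed.scheme!r}"
    if parsed.username or parsed.password:
        return False, "credentials in URL"
    if not parsed.hostname:
        return False, "missing host"
    addrs = resolver(parsed.hostname)
    if not addrs:
        return False, f"could not resolve {parsed.hostname}"
    for addr in addrs:
        if is_blocked_address(addr):
            return False, f"{parsed.hostname} resolves to blocked address {addr}"
    return True, "ok"

# Constructed DNS table so the example runs without network access.
FAKE_DNS = {"books.example": ["203.0.113.10"],
            "split.example": ["203.0.113.10", "10.1.2.3"],
            "mapped.example": ["::ffff:127.0.0.1"]}

if __name__ == "__main__":
    for u in ("https://books.example/cover.jpg", "https://split.example/",
              "http://mapped.example/", "file:///etc/passwd"):
        print(u, check_outbound_url(u, resolver=lambda h: FAKE_DNS.get(h, [])))
```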

🧯 If You Can't Patch

  • Implement strict network controls to limit the server's outbound connections
  • Disable or restrict access to vulnerable endpoints if possible

🔍 How to Verify

Check if Vulnerable:

Check the Calibre-Web version in the web interface or configuration files. If the version is below 0.6.17, the system is vulnerable.

Check Version:

Check the Calibre-Web web interface or examine the application's version file if available.

Verify Fix Applied:

After updating, verify the version shows 0.6.17 or higher in the web interface or via the version check command.

📡 Detection & Monitoring

Log Indicators:

  • Unusual outbound HTTP requests from the Calibre-Web server
  • Requests to internal IP addresses or unusual domains

Network Indicators:

  • Unexpected HTTP traffic from Calibre-Web server to internal services

SIEM Query:

source="calibre-web" AND (dest_ip=10.0.0.0/8 OR dest_ip=172.16.0.0/12 OR dest_ip=192.168.0.0/16)

🔗 References
